[Bug 194745] New: security/openvpn: incorrect self route when using subnet topology
bugzilla-noreply at freebsd.org
Sat Nov 1 19:35:10 UTC 2014
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=194745
Bug ID: 194745
Summary: security/openvpn: incorrect self route when using
subnet topology
Product: Ports Tree
Version: Latest
Hardware: Any
OS: Any
Status: Needs Triage
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: mandree at FreeBSD.org
Reporter: vsasjason at gmail.com
Flags: maintainer-feedback?(mandree at FreeBSD.org)
OpenVPN sets the self-address route via the tunnel interface instead of the
correct one, loopback.
I'm using topology subnet with the 192.168.89.0 255.255.255.0 network.
Example below:
jason at cli0:~ % ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::ec4:7aff:fe06:5e%tun0 prefixlen 64 scopeid 0x7
inet 192.168.89.2 --> 192.168.89.2 netmask 0xffffff00
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 86175
jason at cli0:~ % netstat -rn | fgrep '192.168.89.'
192.168.89.0/24 192.168.89.2 UGS 0 4857954 tun0
192.168.89.2 link#7 UH 0 5 tun0
jason at cli0:~ % ping -c 3 192.168.89.2
PING 192.168.89.2 (192.168.89.2): 56 data bytes
--- 192.168.89.2 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
jason at cli0:~ % ping -c 3 192.168.89.1
PING 192.168.89.1 (192.168.89.1): 56 data bytes
64 bytes from 192.168.89.1: icmp_seq=0 ttl=64 time=30.161 ms
64 bytes from 192.168.89.1: icmp_seq=1 ttl=64 time=30.200 ms
64 bytes from 192.168.89.1: icmp_seq=2 ttl=64 time=30.220 ms
--- 192.168.89.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 30.161/30.194/30.220/0.024 ms
jason at cli0:~ %
I tried a workaround on the server:
ifconfig tun0 inet 192.168.89.1 192.168.89.255
route add -net 192.168.89.0/24 -iface tun0
So the results are:
jason at srv0:~$ ifconfig tun0
tun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
inet6 fe80::21e:67ff:fead:6ab0%tun0 prefixlen 64 scopeid 0x3
inet 192.168.89.1 --> 192.168.89.255 netmask 0x0
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Opened by PID 63010
jason at srv0:~$ netstat -rn | fgrep '192.168.89.'
192.168.89.0/24 tun0 US 0 29374111 tun0
192.168.89.1 link#3 UHS 0 213985 lo0
192.168.89.255 link#3 UH 0 0 tun0
jason at srv0:~$ ping -c 3 192.168.89.1
PING 192.168.89.1 (192.168.89.1): 56 data bytes
64 bytes from 192.168.89.1: icmp_seq=0 ttl=64 time=0.050 ms
64 bytes from 192.168.89.1: icmp_seq=1 ttl=64 time=0.093 ms
64 bytes from 192.168.89.1: icmp_seq=2 ttl=64 time=0.016 ms
--- 192.168.89.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.016/0.053/0.093/0.032 ms
jason at srv0:~$
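A small check for the symptom reported above, added here as an example and not part of the bug report or of OpenVPN: it reads FreeBSD "netstat -rn" output and reports whether the host route for the tunnel's own address points at lo0 or, as on the client above, at the tunnel interface. The function names are mine, the route-table lines are constructed from the two listings in this report, and the parser assumes the FreeBSD column order shown there (Flags third, Netif last).

```sh
#!/bin/sh
# Example check for the OpenVPN "self route via tun0" symptom on FreeBSD.
# Not from the bug report or OpenVPN; function names are hypothetical.

# Print the Netif of the host route (Flags contain H) for an address,
# reading "netstat -rn" output on stdin. Prints nothing if there is none.
self_route_netif() {
    awk -v addr="$1" '$1 == addr && $3 ~ /H/ { print $NF; exit }'
}

# Return 0 if the address is reached via lo0 (correct for a local address),
# 1 if it is routed out of an interface such as tun0, 2 if there is no
# host route at all. Live use: netstat -rn -f inet | check_self_route ADDR
check_self_route() {
    netif=$(self_route_netif "$1")
    case "$netif" in
        "")  echo "no host route for $1"; return 2 ;;
        lo0) echo "ok: $1 is routed via lo0"; return 0 ;;
        *)   echo "BAD: host route for $1 points at $netif, expected lo0"
             return 1 ;;
    esac
}

# Constructed samples reproducing the client and server tables from the report.
CLIENT_ROUTES='192.168.89.0/24 192.168.89.2 UGS 0 4857954 tun0
192.168.89.2 link#7 UH 0 5 tun0'
SERVER_ROUTES='192.168.89.0/24 tun0 US 0 29374111 tun0
192.168.89.1 link#3 UHS 0 213985 lo0
192.168.89.255 link#3 UH 0 0 tun0'

# Demo: the client table is flagged, the server table (after the workaround) passes.
rc=0
printf '%s\n' "$CLIENT_ROUTES" | check_self_route 192.168.89.2 || rc=1
printf '%s\n' "$SERVER_ROUTES" | check_self_route 192.168.89.1 || rc=1
```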
--- Comment #1 from Bugzilla Automation <bugzilla at FreeBSD.org> ---
Auto-assigned to maintainer mandree at FreeBSD.org